Class CipherSpi

This class defines the Service Provider Interface (SPI)
for the Cipher class.
All the abstract methods in this class must be implemented by each
cryptographic service provider who wishes to supply the implementation
of a particular cipher algorithm.

In order to create an instance of Cipher, which
encapsulates an instance of this CipherSpi class, an
application calls one of the
getInstance
factory methods of the
Cipher engine class and specifies the requested
transformation.
Optionally, the application may also specify the name of a provider.

A transformation is a string that describes the operation (or
set of operations) to be performed on the given input, to produce some
output. A transformation always includes the name of a cryptographic
algorithm (e.g., DES), and may be followed by a feedback mode and
padding scheme.

A transformation is of the form:

"algorithm/mode/padding" or

"algorithm"

(in the latter case,
provider-specific default values for the mode and padding scheme are used).
For example, the following is a valid transformation:

Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding");

A provider may supply a separate class for each combination
of algorithm/mode/padding, or may decide to provide more generic
classes representing sub-transformations corresponding to
algorithm or algorithm/mode or algorithm//padding
(note the double slashes),
in which case the requested mode and/or padding are set automatically by
the getInstance methods of Cipher, which invoke
the engineSetMode and
engineSetPadding
methods of the provider's subclass of CipherSpi.

A Cipher property in a provider master class may have one of
the following formats:

For example, a provider may supply a subclass of CipherSpi
that implements DES/ECB/PKCS5Padding, one that implements
DES/CBC/PKCS5Padding, one that implements
DES/CFB/PKCS5Padding, and yet another one that implements
DES/OFB/PKCS5Padding. That provider would have the following
Cipher properties in its master class:

Cipher.DES/ECB/PKCS5Padding

Cipher.DES/CBC/PKCS5Padding

Cipher.DES/CFB/PKCS5Padding

Cipher.DES/OFB/PKCS5Padding

Another provider may implement a class for each of the above modes
(i.e., one class for ECB, one for CBC, one for CFB,
and one for OFB), one class for PKCS5Padding,
and a generic DES class that subclasses from CipherSpi.
That provider would have the following
Cipher properties in its master class:

Cipher.DES

The getInstance factory method of the Cipher
engine class follows these rules in order to instantiate a provider's
implementation of CipherSpi for a
transformation of the form "algorithm":

Check if the provider has registered a subclass of CipherSpi
for the specified "algorithm".

If the answer is YES, instantiate this
class, for whose mode and padding scheme default values (as supplied by
the provider) are used.

If the answer is NO, throw a NoSuchAlgorithmException
exception.

The getInstance factory method of the Cipher
engine class follows these rules in order to instantiate a provider's
implementation of CipherSpi for a
transformation of the form "algorithm/mode/padding":

Check if the provider has registered a subclass of CipherSpi
for the specified "algorithm/mode/padding" transformation.

If the answer is YES, instantiate it.

If the answer is NO, go to the next step.

Check if the provider has registered a subclass of CipherSpi
for the sub-transformation "algorithm/mode".

If the answer is YES, instantiate it, and call
engineSetPadding(padding) on the new instance.

If the answer is NO, go to the next step.

Check if the provider has registered a subclass of CipherSpi
for the sub-transformation "algorithm//padding" (note the double
slashes).

If the answer is YES, instantiate it, and call
engineSetMode(mode) on the new instance.

If the answer is NO, go to the next step.

Check if the provider has registered a subclass of CipherSpi
for the sub-transformation "algorithm".

If the answer is YES, instantiate it, and call
engineSetMode(mode) and
engineSetPadding(padding) on the new instance.

engineGetParameters

The returned parameters may be the same that were used to initialize
this cipher, or may contain a combination of default and random
parameter values used by the underlying cipher implementation if this
cipher requires algorithm parameters but was not initialized with any.

Returns:

the parameters used with this cipher, or null if this cipher
does not use any parameters.

engineInit

The cipher is initialized for one of the following four operations:
encryption, decryption, key wrapping or key unwrapping, depending on
the value of opmode.

If this cipher requires any algorithm parameters that cannot be
derived from the given key, the underlying cipher
implementation is supposed to generate the required parameters itself
(using provider-specific default or random values) if it is being
initialized for encryption or key wrapping, and raise an
InvalidKeyException if it is being
initialized for decryption or key unwrapping.
The generated parameters can be retrieved using
engineGetParameters or
engineGetIV (if the parameter is an IV).

If this cipher requires algorithm parameters that cannot be
derived from the input parameters, and there are no reasonable
provider-specific default values, initialization will
necessarily fail.

If this cipher (including its underlying feedback or padding scheme)
requires any random bytes (e.g., for parameter generation), it will get
them from random.

Note that when a Cipher object is initialized, it loses all
previously-acquired state. In other words, initializing a Cipher is
equivalent to creating a new instance of that Cipher and initializing
it.

Parameters:

opmode - the operation mode of this cipher (this is one of
the following:
ENCRYPT_MODE, DECRYPT_MODE,
WRAP_MODE or UNWRAP_MODE)

key - the encryption key

random - the source of randomness

Throws:

InvalidKeyException - if the given key is inappropriate for
initializing this cipher, or requires
algorithm parameters that cannot be
determined from the given key.

engineInit

Initializes this cipher with a key, a set of
algorithm parameters, and a source of randomness.

The cipher is initialized for one of the following four operations:
encryption, decryption, key wrapping or key unwrapping, depending on
the value of opmode.

If this cipher requires any algorithm parameters and
params is null, the underlying cipher implementation is
supposed to generate the required parameters itself (using
provider-specific default or random values) if it is being
initialized for encryption or key wrapping, and raise an
InvalidAlgorithmParameterException if it is being
initialized for decryption or key unwrapping.
The generated parameters can be retrieved using
engineGetParameters or
engineGetIV (if the parameter is an IV).

If this cipher requires algorithm parameters that cannot be
derived from the input parameters, and there are no reasonable
provider-specific default values, initialization will
necessarily fail.

If this cipher (including its underlying feedback or padding scheme)
requires any random bytes (e.g., for parameter generation), it will get
them from random.

Note that when a Cipher object is initialized, it loses all
previously-acquired state. In other words, initializing a Cipher is
equivalent to creating a new instance of that Cipher and initializing
it.

Parameters:

opmode - the operation mode of this cipher (this is one of
the following:
ENCRYPT_MODE, DECRYPT_MODE,
WRAP_MODE or UNWRAP_MODE)

engineInit

Initializes this cipher with a key, a set of
algorithm parameters, and a source of randomness.

The cipher is initialized for one of the following four operations:
encryption, decryption, key wrapping or key unwrapping, depending on
the value of opmode.

If this cipher requires any algorithm parameters and
params is null, the underlying cipher implementation is
supposed to generate the required parameters itself (using
provider-specific default or random values) if it is being
initialized for encryption or key wrapping, and raise an
InvalidAlgorithmParameterException if it is being
initialized for decryption or key unwrapping.
The generated parameters can be retrieved using
engineGetParameters or
engineGetIV (if the parameter is an IV).

If this cipher requires algorithm parameters that cannot be
derived from the input parameters, and there are no reasonable
provider-specific default values, initialization will
necessarily fail.

If this cipher (including its underlying feedback or padding scheme)
requires any random bytes (e.g., for parameter generation), it will get
them from random.

Note that when a Cipher object is initialized, it loses all
previously-acquired state. In other words, initializing a Cipher is
equivalent to creating a new instance of that Cipher and initializing
it.

Parameters:

opmode - the operation mode of this cipher (this is one of
the following:
ENCRYPT_MODE, DECRYPT_MODE,
WRAP_MODE or UNWRAP_MODE)

engineUpdate

Continues a multiple-part encryption or decryption operation
(depending on how this cipher was initialized), processing another data
part.

All input.remaining() bytes starting at
input.position() are processed. The result is stored
in the output buffer.
Upon return, the input buffer's position will be equal
to its limit; its limit will not have changed. The output buffer's
position will have advanced by n, where n is the value returned
by this method; the output buffer's limit will not have changed.

If output.remaining() bytes are insufficient to
hold the result, a ShortBufferException is thrown.

Subclasses should consider overriding this method if they can
process ByteBuffers more efficiently than byte arrays.

engineDoFinal

Encrypts or decrypts data in a single-part operation,
or finishes a multiple-part operation.
The data is encrypted or decrypted, depending on how this cipher was
initialized.

The first inputLen bytes in the input
buffer, starting at inputOffset inclusive, and any input
bytes that may have been buffered during a previous update
operation, are processed, with padding (if requested) being applied.
If an AEAD mode such as GCM/CCM is being used, the authentication
tag is appended in the case of encryption, or verified in the
case of decryption.
The result is stored in a new buffer.

Upon finishing, this method resets this cipher object to the state
it was in when previously initialized via a call to
engineInit.
That is, the object is reset and available to encrypt or decrypt
(depending on the operation mode that was specified in the call to
engineInit) more data.

Note: if any exception is thrown, this cipher object may need to
be reset before it can be used again.

Parameters:

input - the input buffer

inputOffset - the offset in input where the input
starts

inputLen - the input length

Returns:

the new buffer with the result

Throws:

IllegalBlockSizeException - if this cipher is a block cipher,
no padding has been requested (only in encryption mode), and the total
input length of the data processed by this cipher is not a multiple of
block size; or if this encryption algorithm is unable to
process the input data provided.

BadPaddingException - if this cipher is in decryption mode,
and (un)padding has been requested, but the decrypted data is not
bounded by the appropriate padding bytes

AEADBadTagException - if this cipher is decrypting in an
AEAD mode (such as GCM/CCM), and the received authentication tag
does not match the calculated value

engineDoFinal

Encrypts or decrypts data in a single-part operation,
or finishes a multiple-part operation.
The data is encrypted or decrypted, depending on how this cipher was
initialized.

The first inputLen bytes in the input
buffer, starting at inputOffset inclusive, and any input
bytes that may have been buffered during a previous update
operation, are processed, with padding (if requested) being applied.
If an AEAD mode such as GCM/CCM is being used, the authentication
tag is appended in the case of encryption, or verified in the
case of decryption.
The result is stored in the output buffer, starting at
outputOffset inclusive.

If the output buffer is too small to hold the result,
a ShortBufferException is thrown.

Upon finishing, this method resets this cipher object to the state
it was in when previously initialized via a call to
engineInit.
That is, the object is reset and available to encrypt or decrypt
(depending on the operation mode that was specified in the call to
engineInit) more data.

Note: if any exception is thrown, this cipher object may need to
be reset before it can be used again.

Parameters:

input - the input buffer

inputOffset - the offset in input where the input
starts

inputLen - the input length

output - the buffer for the result

outputOffset - the offset in output where the result
is stored

Returns:

the number of bytes stored in output

Throws:

IllegalBlockSizeException - if this cipher is a block cipher,
no padding has been requested (only in encryption mode), and the total
input length of the data processed by this cipher is not a multiple of
block size; or if this encryption algorithm is unable to
process the input data provided.

engineDoFinal

Encrypts or decrypts data in a single-part operation,
or finishes a multiple-part operation.
The data is encrypted or decrypted, depending on how this cipher was
initialized.

All input.remaining() bytes starting at
input.position() are processed.
If an AEAD mode such as GCM/CCM is being used, the authentication
tag is appended in the case of encryption, or verified in the
case of decryption.
The result is stored in the output buffer.
Upon return, the input buffer's position will be equal
to its limit; its limit will not have changed. The output buffer's
position will have advanced by n, where n is the value returned
by this method; the output buffer's limit will not have changed.

If output.remaining() bytes are insufficient to
hold the result, a ShortBufferException is thrown.

Upon finishing, this method resets this cipher object to the state
it was in when previously initialized via a call to
engineInit.
That is, the object is reset and available to encrypt or decrypt
(depending on the operation mode that was specified in the call to
engineInit) more data.

Note: if any exception is thrown, this cipher object may need to
be reset before it can be used again.

Subclasses should consider overriding this method if they can
process ByteBuffers more efficiently than byte arrays.

Parameters:

input - the input ByteBuffer

output - the output ByteByffer

Returns:

the number of bytes stored in output

Throws:

IllegalBlockSizeException - if this cipher is a block cipher,
no padding has been requested (only in encryption mode), and the total
input length of the data processed by this cipher is not a multiple of
block size; or if this encryption algorithm is unable to
process the input data provided.

engineWrap

This concrete method has been added to this previously-defined
abstract class. (For backwards compatibility, it cannot be abstract.)
It may be overridden by a provider to wrap a key.
Such an override is expected to throw an IllegalBlockSizeException or
InvalidKeyException (under the specified circumstances),
if the given key cannot be wrapped.
If this method is not overridden, it always throws an
UnsupportedOperationException.

Parameters:

key - the key to be wrapped.

Returns:

the wrapped key.

Throws:

IllegalBlockSizeException - if this cipher is a block cipher,
no padding has been requested, and the length of the encoding of the
key to be wrapped is not a multiple of the block size.

InvalidKeyException - if it is impossible or unsafe to
wrap the key with this cipher (e.g., a hardware protected key is
being passed to a software-only cipher).

engineUnwrap

This concrete method has been added to this previously-defined
abstract class. (For backwards compatibility, it cannot be abstract.)
It may be overridden by a provider to unwrap a previously wrapped key.
Such an override is expected to throw an InvalidKeyException if
the given wrapped key cannot be unwrapped.
If this method is not overridden, it always throws an
UnsupportedOperationException.

Parameters:

wrappedKey - the key to be unwrapped.

wrappedKeyAlgorithm - the algorithm associated with the wrapped
key.

wrappedKeyType - the type of the wrapped key. This is one of
SECRET_KEY, PRIVATE_KEY, or
PUBLIC_KEY.

Returns:

the unwrapped key.

Throws:

NoSuchAlgorithmException - if no installed providers
can create keys of type wrappedKeyType for the
wrappedKeyAlgorithm.

InvalidKeyException - if wrappedKey does not
represent a wrapped key of type wrappedKeyType for
the wrappedKeyAlgorithm.

engineUpdateAAD

protected void engineUpdateAAD(byte[] src,
int offset,
int len)

Continues a multi-part update of the Additional Authentication
Data (AAD), using a subset of the provided buffer.

Calls to this method provide AAD to the cipher when operating in
modes such as AEAD (GCM/CCM). If this cipher is operating in
either GCM or CCM mode, all AAD must be supplied before beginning
operations on the ciphertext (via the update and doFinal methods).

Parameters:

src - the buffer containing the AAD

offset - the offset in src where the AAD input starts

len - the number of AAD bytes

Throws:

IllegalStateException - if this cipher is in a wrong state
(e.g., has not been initialized), does not accept AAD, or if
operating in either GCM or CCM mode and one of the update
methods has already been called for the active
encryption/decryption operation

engineUpdateAAD

Continues a multi-part update of the Additional Authentication
Data (AAD).

Calls to this method provide AAD to the cipher when operating in
modes such as AEAD (GCM/CCM). If this cipher is operating in
either GCM or CCM mode, all AAD must be supplied before beginning
operations on the ciphertext (via the update and doFinal methods).

All src.remaining() bytes starting at
src.position() are processed.
Upon return, the input buffer's position will be equal
to its limit; its limit will not have changed.

Parameters:

src - the buffer containing the AAD

Throws:

IllegalStateException - if this cipher is in a wrong state
(e.g., has not been initialized), does not accept AAD, or if
operating in either GCM or CCM mode and one of the update
methods has already been called for the active
encryption/decryption operation